public function indexAction()
{
header('content-type: application/json');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST');
$valid = true;
$errors = [];
if (CommentModel::exists($this->pdo, htmlentities($_POST['id']))) {
$id = htmlentities($_POST['id']);
} else {
return json_encode($errors['id'] = '<span class="errors">Cet article n\'existe pas</span>');
}
$content = trim(htmlentities($_POST['content']));
$timestamp = time();
if (!isset($content) || empty($content)) {
$errors['content'] = '<span class="errors">Non saisi</span>';
$valid = false;
} elseif (strlen($content) > 200) {
$errors['content'] = '<span class="errors">200 caractères max</span>';
$valid = false;
}
$errors['valid'] = $valid;
if ($valid) {
CommentModel::edit($this->pdo, $id, $content, $timestamp);
}
echo json_encode($errors);
}
public function indexAction()
{
if (empty(explode('/', $_SERVER['REQUEST_URI'], 4)[2])) {
header('Location: /');
exit;
} else {
$id = explode('/', $_SERVER['REQUEST_URI'], 4)[2];
}
if (CommentModel::exists($this->pdo, $id)) {
if ($_SESSION['auth']['username'] === CommentModel::getAuthor($this->pdo, $id)) {
include '../app/views/editcomment.php';
return;
}
} else {
header('Location: /404');
exit;
}
}
public function indexAction()
{
if (empty(explode('/', $_SERVER['REQUEST_URI'], 4)[2])) {
header('Location: /');
exit;
} else {
$article_id = explode('/', $_SERVER['REQUEST_URI'], 4)[2];
}
if (CommentModel::exists($this->pdo, $article_id)) {
if ($_SESSION['auth']['username'] === CommentModel::getAuthor($this->pdo, $article_id) || $_SESSION['auth']['permissions'] === 'superadmin') {
CommentModel::delete($this->pdo, $article_id);
header('Location: /');
exit;
}
} else {
header('Location: /404');
exit;
}
}
